The Spy on Your Desk
by Alan Simpson
Washington, DC. Feb. 24th, 2005 ---- Many months ago I wrote a very popular piece about "The Spy in Your Pocket" regarding cellphones. Many considered it a little far fetched that a cellphone could be used to listen in to conversations. Some even suggested that it was crazy to suggest a cellphone could still be active if switched off.
Well many engineers have experimented and now all cell phones in key meetings have to have their batteries removed. Also the idea that hackers couldn't get into cellphones has been blown apart this week with the highly publicized hacking of Paris Hilton's cellphone. Whoopty dee!
My next concern is the Spy on your Desk. This really came home this week when we got a number of PC's off eBay to use in the lab. The Macs were great, but one of the Wincrap machines was a little bit "Wobbly". This appears to be from a batch received from corporations, off short term leases.
Looking at the machine closely revealed 818 viruses, trojan horses and key loggers! Even McAfee couldn't delete or quarantine the little devils. They defied all delete attempts, even using DOS. Initially the idea was to throw away the drive, but the spooksense in us all forced us to dig deeper. There was no way to track the origin of the machine from California, and if successful I am sure a dozen Lawyers would have come out of the woodwork with writs.
It appears that besides doing work for the company the machines owner loved to look at pornography sites. No problem, whatever rings your bell. But they seem to have joined some sort of file swapping ring, and that appears to be the loading dock for such a huge amount of spyware and nastyware. Some point out that these exist for recipes etc.
There were a lot of silly greeting pieces and stupid singing cards in an odd directory that were very suspicious. All the corporate material etc. had been carefully deleted by the employee before the computer was returned. Very thoughtful!
The significant danger that brings me to write this piece was the key stroke loggers and other spy ware we found. This company, or this temporary worker on a new project for a company may as well have posted their work on the Internet, along with all passwords and addresses.
Over the years I have watched companies and government departments bring in temporary groups of people to ramp up a project. Many times they are housed in temporary offices, and even off-site in short term leased accommodation. They lease furniture, computers and people. These computers probably aren't on the network, nor protected to the same degree as the main enterprise.
They produce media which is transported back to the parent office and loaded directly on to PC inside the security perimeter. I have seen temporary workers take home work, and bring it back to load directly onto their PC's. Same applies.
The latest gimmick is the tiny USB data transfer chips, that double up as a necklace. Watching executives plug them in and out of computers drives me crazy. Sharing them with friends to download recipes and of course porn.
When will we learn that the desktop and laptop PC's are the best espionage tool ever invented.
Smart Network Administrators (?) ensure that users can't download applications, nor modify them on individual PC's. How many provide spyware and virus checkers on each machine, especially those that leave the office or are given a shot of data from a USB transfer chip. Few I see, they sit in their pink IT bubble feeling secure about incoming data through their Internet pipe.
Several years ago I brought to the attention of thousands of executives the Asymetric Warfare policy of the Chinese. They believe in stripping even the smallest piece of information from computers worldwide. Today their job is made so much easier by poorly educated users of PC's in a PC (politically correct) environment. The bogeypeople of American industry, the HR Consultants chastise IT managers for daring to insist that PC's aren't used for cutesy greeting cards, stupid singing characters, and looking at sites in employees breaks.
The Chinese love them, as do every terrorist organization and purveyor of stolen identities.
It's time for top management to take back the workplace and just as an employee can be fired for making a pipe bomb on their desk, they should be fired for making a data bomb too. The results are just the same. Destruction of companies, jobs and the livelyhood of their fellow workers.
That PC is not a dumb machine. It could be a smart Spy!